Every time you type a website address into your browser, a DNS server somewhere translates that human-readable name into the numeric IP address your device actually needs to make the connection. By default, your devices use whatever DNS servers your Internet Service Provider assigns, but those aren't necessarily the fastest, most private, or most secure option. Changing your DNS server is one of the simplest network tweaks you can make, and it can meaningfully improve your browsing speed, privacy, and security.
After working in IT for over 20 years, changing DNS settings is one of the first things I do on any network I manage. It takes about two minutes, requires no special software, and the benefits are immediate. Here's why it matters and exactly how to do it on every major platform.
Why Your ISP's DNS Might Not Be the Best Choice
Speed. ISP DNS servers are often slower than dedicated DNS services. They're typically optimized for cost rather than performance, running on shared infrastructure that can become overloaded during peak hours. Third-party DNS providers like Cloudflare and Google operate globally distributed anycast networks specifically engineered for low-latency DNS resolution. The difference might be 10-50 milliseconds per query, which doesn't sound like much, but your browser makes dozens of DNS queries per page load, and those milliseconds add up to a noticeably snappier browsing experience.
Privacy. Your DNS queries reveal every website you visit. ISP DNS servers log these queries, and in many countries, ISPs are legally permitted to sell this browsing data to advertisers or share it with government agencies. By switching to a privacy-focused DNS provider that doesn't log queries (such as Cloudflare's 1.1.1.1 service, which has been independently audited to confirm their no-logs policy), you prevent your ISP from building a complete record of your browsing history through DNS.
Security. Some DNS providers actively block known malicious domains. Quad9 (9.9.9.9) maintains a threat intelligence feed and blocks DNS queries to domains associated with malware, phishing, and botnets. Cloudflare offers a similar service through their 1.1.1.2 and 1.1.1.3 addresses, with the latter also blocking adult content (useful for family networks). This provides a baseline layer of protection against malicious websites without installing any software on your devices.
Reliability. ISP DNS servers occasionally go down, which can make it appear as though your entire internet connection is broken: your connection to the ISP is fine, but no website names can be resolved. Third-party DNS providers typically have much better uptime records and redundancy, with multiple servers in different locations ensuring continuous availability.
Popular DNS Providers
Cloudflare (1.1.1.1 / 1.0.0.1) consistently ranks among the fastest public DNS services. They offer a strict no-logging privacy policy that's been independently audited by KPMG. They also offer DNS over HTTPS (DoH) and DNS over TLS (DoT) for encrypted queries. For families, 1.1.1.2 blocks malware, and 1.1.1.3 blocks both malware and adult content.
Google Public DNS (8.8.8.8 / 8.8.4.4) is one of the oldest and most widely used public DNS services. It's fast and reliable with excellent global coverage. Google does log some DNS data temporarily for diagnostic purposes, so it's not the best choice if privacy is your primary concern, but it's a significant improvement over most ISP DNS servers.
Quad9 (9.9.9.9 / 149.112.112.112) is the best choice for security-focused users. Operated by a nonprofit, Quad9 blocks access to domains associated with malware, phishing, and other cyber threats using threat intelligence from multiple security industry partners. They don't log personally identifiable query data.
OpenDNS (208.67.222.222 / 208.67.220.220) is now owned by Cisco and offers both free and paid tiers. The free tier provides basic DNS with optional content filtering that you can customize through an online dashboard. It's particularly useful for organizations that want centralized content filtering without deploying endpoint software.
Changing DNS on Your Router (Recommended)
The best approach is to change the DNS settings on your router. This way, every device on your network automatically uses the new DNS servers without any per-device configuration. Log into your router's admin panel (typically at 192.168.0.1 or 192.168.1.1), find the DNS or Internet/WAN settings, and replace the ISP-provided DNS addresses with your chosen provider's addresses.
Look for fields labeled "Primary DNS" and "Secondary DNS" (or "DNS 1" and "DNS 2"). Enter the primary address of your chosen provider in the first field and the secondary address in the second field. For Cloudflare, that would be 1.1.1.1 and 1.0.0.1. Save and apply the changes. Some routers require a restart for DNS changes to take effect.
After changing the DNS, verify the change is working correctly. Visit IP Lobster's DNS Lookup and query a domain. You can also run nslookup example.com from a command prompt to see which DNS server is responding. It should show the address of your new DNS provider rather than your ISP's server.
Changing DNS on Windows
If you can't change DNS at the router level, or if you want different DNS settings on a specific device, you can configure it per-device. On Windows 10 and 11, open Settings, go to Network and Internet, then select your active connection (Wi-Fi or Ethernet). Click on "Hardware properties" or the connection name, then find the DNS server assignment section. Change it from "Automatic (DHCP)" to "Manual," enable IPv4, and enter your preferred DNS addresses.
Alternatively, you can change DNS through the Control Panel. Open Control Panel, go to Network and Internet, then Network and Sharing Center. Click on your active connection, then Properties, select "Internet Protocol Version 4 (TCP/IPv4)," click Properties, and select "Use the following DNS server addresses." Enter your preferred and alternate DNS servers and click OK. You may need to flush your DNS cache afterward by opening an admin command prompt and running ipconfig /flushdns.
Changing DNS on macOS
On macOS, open System Settings (or System Preferences on older versions), click Network, select your active connection (Wi-Fi or Ethernet), and click Details. Navigate to the DNS tab. You'll see your current DNS servers listed; these may be grayed out if they were assigned by DHCP. Click the plus (+) button to add your preferred DNS servers. Add both the primary and secondary addresses. The order matters: macOS queries them from top to bottom. You can remove the ISP-assigned servers by selecting them and clicking the minus (-) button, or leave them as fallbacks.
To flush the DNS cache on macOS, open Terminal and run sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. This clears any cached entries that might still point to old DNS results.
Changing DNS on Linux
On modern Linux distributions using systemd-resolved (Ubuntu 18.04+, Fedora, and others), you can set DNS servers through your network manager's GUI or by editing the connection configuration. Using the command line with NetworkManager, run nmcli con mod "Your Connection Name" ipv4.dns "1.1.1.1 1.0.0.1" followed by nmcli con up "Your Connection Name" to apply the change.
On systems using the traditional resolv.conf approach, you can edit /etc/resolv.conf directly, though be aware that many distributions overwrite this file automatically. Adding nameserver 1.1.1.1 and nameserver 1.0.0.1 lines sets the DNS servers, but you may need to configure your DHCP client or NetworkManager to prevent them from being overwritten.
For persistent DNS configuration on systemd-based systems, the proper approach is to edit /etc/systemd/resolved.conf, add your DNS servers under the [Resolve] section, and restart the systemd-resolved service.
DNS Over HTTPS and DNS Over TLS
Standard DNS queries are sent in plain text: anyone between you and the DNS server (your ISP, a coffee shop's Wi-Fi operator, or an attacker on the network) can see every domain you're looking up. DNS over HTTPS (DoH) and DNS over TLS (DoT) encrypt your DNS queries, preventing this eavesdropping.
Most modern browsers now support DoH natively. In Firefox, go to Settings, Privacy and Security, and enable DNS over HTTPS. Chrome enables it automatically when you use a supported DNS provider. At the system level, Windows 11 supports encrypted DNS in its network settings, and tools like dnscrypt-proxy can add encrypted DNS to any platform.
If privacy is a significant concern, combining a no-logs DNS provider with encrypted DNS queries is one of the most effective steps you can take. It prevents your ISP from seeing your DNS queries and prevents the DNS provider from retaining them.
Verifying Your DNS Change
After changing your DNS settings, verify the change is working. The quickest test is to use IP Lobster's DNS Lookup tool. You can also run nslookup example.com from any command prompt; the response will show which DNS server answered the query. On Linux and macOS, dig example.com provides more detailed information including the responding server and query time in milliseconds, which lets you compare performance between DNS providers.
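The dig check described above can be scripted. This is an added example, not part of the original article: it reads dig output, extracts the responding server and query time, and compares the server against the addresses you configured. The function names and both sample outputs are constructed for illustration; a loopback answer such as 127.0.0.53 means a local stub (systemd-resolved) replied, so the upstream servers have to be read from resolvectl status instead.

```shell
#!/bin/sh
# Added example: confirm which resolver answered a dig query.
# Live usage:  dig example.com | check_resolver 1.1.1.1 1.0.0.1

# Constructed dig trailers for offline runs (not captured from a real host).
SAMPLE_DIG=';; Query time: 14 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; MSG SIZE  rcvd: 56'
SAMPLE_STUB=';; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)'

# Print the address from the ";; SERVER:" line of dig output on stdin.
dig_server() {
  sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Print the query time in milliseconds from dig output on stdin.
dig_query_ms() {
  sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p' | head -n 1
}

# check_resolver <expected-ip>...
# Reads dig output on stdin and prints "<VERDICT> <server> <ms>ms".
# Exit status: 0 OK, 1 MISMATCH, 2 UNKNOWN (no SERVER line), 3 STUB.
check_resolver() {
  cr_out=$(cat)
  cr_server=$(printf '%s\n' "$cr_out" | dig_server)
  cr_ms=$(printf '%s\n' "$cr_out" | dig_query_ms)
  if [ -z "$cr_server" ]; then
    echo "UNKNOWN no SERVER line"; return 2
  fi
  case "$cr_server" in
    127.*|::1)
      # A local stub (e.g. systemd-resolved on 127.0.0.53) answered;
      # the real upstream is shown by `resolvectl status`, not by dig.
      echo "STUB $cr_server ${cr_ms}ms"; return 3 ;;
  esac
  for cr_ip in "$@"; do
    if [ "$cr_ip" = "$cr_server" ]; then
      echo "OK $cr_server ${cr_ms}ms"; return 0
    fi
  done
  echo "MISMATCH $cr_server ${cr_ms}ms"; return 1
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_DIG" | check_resolver 1.1.1.1 1.0.0.1
printf '%s\n' "$SAMPLE_STUB" | check_resolver 1.1.1.1 1.0.0.1 || true
```

A MISMATCH result after a router-level change usually means the device still holds a manually set or DHCP-cached resolver.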
If you're still seeing old DNS results after switching, flush your local DNS cache and clear your browser cache. DNS records are cached at multiple levels: your browser, your operating system, and your router may all hold cached entries from the old DNS server. Flushing these caches forces fresh lookups through your new DNS provider.
Changing your DNS server is one of those small tweaks that pays dividends every single time you use the internet. It's free, takes minutes, and improves speed, privacy, and security simultaneously, one of the rare cases where you genuinely get something for nothing.